Cross-Site Scripting Vulnerability in WonderCMS by Adiapera
CVE-2024-32743

Currently unrated

Key Information:

Vendor: WonderCMS
Status: WonderCMS
Vendor: CVE Published:; 17 April 2024

What is CVE-2024-32743?

A cross-site scripting vulnerability has been identified in WonderCMS version 3.4.3 that allows attackers to inject arbitrary scripts or HTML code. This flaw resides in the Settings section, specifically through a crafted input into the SITE LANGUAGE CONFIG parameter under the Security module. By exploiting this weakness, an attacker could potentially execute malicious scripts within the context of a user's session, posing significant security risks and compromising the integrity of the application. Organizations using this version should take immediate action to mitigate the risks associated with this vulnerability.

References

https://github.com/adiapera/xss_security_wondercms_3.4.3

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Apr 17, 2024